Sunday, 2022-10-30

[02:34] *** mhen_ is now known as mhen
[09:32] <opendevreview> Milana Levy proposed openstack/barbican-tempest-plugin master: DNM: Added a test for automate an exploit that was introduced in "cve_2022_3100" The exploit is that a malicious user with a Keystone account is able to decrypt any secret as long as they know the secret's ID by using a specifically crafted query string: GET /v1/secrets/{secret-id}/payload?target.secret.read=read https://review.opendev.org/c/openstack/barbican-tempe
[14:06] <opendevreview> Milana Levy proposed openstack/barbican-tempest-plugin master: DNM: Added a test for automate an exploit that was introduced in "cve_2022_3100" The exploit is that a malicious user with a Keystone account is able to decrypt any secret as long as they know the secret's ID by using a specifically crafted query string: GET /v1/secrets/{secret-id}/payload?target.secret.read=read https://review.opendev.org/c/openstack/barbican-tempe
[14:11] <opendevreview> Milana Levy proposed openstack/barbican-tempest-plugin master: DNM: Added a test for automate an exploit that was introduced in "cve_2022_3100" The exploit is that a malicious user with a Keystone account is able to decrypt any secret as long as they know the secret's ID by using a specifically crafted query string: GET /v1/secrets/{secret-id}/payload?target.secret.read=read https://review.opendev.org/c/openstack/barbican-tempe
